Two pfSense boxes, one acting OpenVPN server, same subnet. Can't talk to second

  • I have two pfSense boxes that I'm currently in the processes of configuring.

    They are both connected to the same LAN subnet, and both have static IPs. Only one (#1) is performing DHCP. I am eventually going to CARP them for redundancy. Anyways, here is the problem.

    My OpenVPN tunnel works great! I can connect, and ping around my network and access my switches and #1 pfSense box. However, I can't talk to my #2 pfSense box over the tunnel. However, all other devices CAN ping the second box locally. Oh, I also ran on #1 and I can get into the webConfig on #2. But I would like to get to it through the openvpn tunnel. Any suggestions?

    what is odd is that I see no BLOCK firewall logs on the second box.

  • #2 will not know a route back to the OpenVPN tunnel network. Your ping will have a source IP of the client end of the OpenVPN tunnel to #1. #2 has to turn that around and send a reply back. The reply will be going out #2's WAN (its default route) and will then get dropped by the ISP router (which won't know how to route your tunnel private IP).
    #2 will need a route added to tell it that the OpenVPN tunnel network is reached via the LAN IP of #1.

  • yes, one of the parallel threads here gives the answer already TODAY (search function is right upper; makes always sense to use it before posting ;))

Log in to reply